DescentBB

Windows7 will actually boot up and throw everything into ram and make it the login screen, then I get critical disk errors and thrown to Windows Recovery. Now, windows "claims" that their "advanced module" is needed to fix these errors, for a small price . I'm skeptical that anything will work and the hard drive is fried, but my 11 year old had it at the time , so, There's also a chance some system files may have been tampered with. Is there any free tool that I can pop onto a flash drive that has the same capabilities as "windows recovery advanced module" ?

Sounds like a malware infection.

Google tells me this.

IF the HD truly is fried, windows wouldn't boot.

Dang I never thought about that. DOH! Your probably right. Little %@!#!%$#'s.

Yup, sounds like your typical fraud/scareware that tries to get you to cough up your credit card info.

It is possible your 11 year old got it by looking up something big in the news on a search engine, for instance Bin Laden getting done in. Or they were looking for warez/porn/etc and got more then they bargained for. Either way you might want to check the browser history.

Fried hard drives dont get you to a point where you actually have realistic hope of getting your stuff. Ive lost several laptop hard drives (hint: don't slam your laptop down when youre pissed). and I kinda know the signs. Any noticeable clicking noises? Lean down and listen to it. Probably not I'm guessing.

I think the others have it. This sounds like malware. My advice is to take it out of your laptop, get one of those adapters (assuming its NOT an SATA drive, in which case you can just hook it up like any other SATA drive) and hook it up to a computer you know is 100% clean with all kinds of anti virus and anti-spyware on it, use those tools to scan the files you want to recover, copy them off the drive, and then do a complete wipe and reinstall of windows. That should get you your files back. Unless its one of the smarter pieces that actually encrypt your files and then delete the originals. In that case I hope you have an off site backup, which would actually negate the need for taking the drive out and let you skip straight to the wipe and reinstall, but anyway! If you have a tech friend I highly suggest giving them a call and telling them whats going on.

Oh, and learn how to give your kid restricted access so he doesnt have rights to install malware anymore.

Considering what that laptop is used for, throwing in a Win7 disk and reinstalling is probably easiest thing to do, but after seeing the look on his face, heh, it's got my curiosity up. Boobies anyone!!

K9 Web Protection is one way to keep your kids in check.

http://www1.k9webprotection.com

Right as you login - launch Task Manager. Sometimes if you can get it running before the scareware loads, you can end the task and run a scan.

Ran Rkill from a flash drive and it was successful, but Malwarebytes wasn't installing no how no way, so I popped the Win7 disk in. Anybody here had any luck installing native Win7 backups? I purchased True Image a year ago and every test I've run has failed on a 64 bit.

you can always use Hiren's BootCD and clean out the malware using the already installed copy of malwarebytes' antimalware

After seeing how badly it was compromised I would have never had any confidence in it at that point so I didn't even bother after that. No telling what changes that thing had made, so I just nuked it for the peace of mind.

flip wrote:After seeing how badly it was compromised I would have never had any confidence in it at that point so I didn't even bother after that. No telling what changes that thing had made, so I just nuked it for the peace of mind.

even when hiren's treats the drive like a secondary drive? That's throwing the baby out with the bathwater.

We should put a sticky up to that boot CD for the next time someone gets hit with something similar.

The link I had posted had a guide to remove it, but its possible the malware was updated with that guide in mind.

even when hiren's treats the drive like a secondary drive? That's throwing the baby out with the bathwater.

No, if it had been a more critical machine I might have cared . Plus, I'm still not sure that even if those tools could remove the infection itself, that they would be able to repair any and all system changes that were made. I reinstalled then patched, ran windows backup on it. Maybe life will be simpler next go around .

there hasn't been a drive yet that I wasn't able to remove any and all malware with those tools.

Create a regular account, and do not use the administrator account(password it).

save you some hassle in the future.